SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation

Description

A new Android malware campaign called 'SuperCard X' has been identified, employing NFC-relay techniques to enable fraudulent POS payments and ATM withdrawals. Distributed through a Chinese-speaking Malware-as-a-Service platform, it shares similarities with NGate malware. The campaign uses social engineering tactics to trick victims into installing the malicious app and tapping their payment cards on infected phones. This sophisticated fraud scheme combines SMS phishing, phone calls, malware installation, and NFC data interception. SuperCard X poses a significant financial risk to banking institutions, payment providers, and credit card issuers due to its ability to perform instant fraudulent cash-outs with debit and credit cards.